|
381
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_admanager_plus
|
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
Update
|
NVD-CWE-noinfo
|
CVE-2024-24409
|
2024-11-14 05:35 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
382
|
5.4 |
MEDIUM
Network
|
mycred
|
mycred
|
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-10187
|
2024-11-14 05:31 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
383
|
6.5 |
MEDIUM
Network
|
salesagility
|
suitecrm
|
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-con…
Update
|
CWE-89
SQL Injection
|
CVE-2024-49773
|
2024-11-14 05:29 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
384
|
8.1 |
HIGH
Network
|
zohocorp
|
manageengine_sharepoint_manager_plus
|
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
Update
|
CWE-611
XXE
|
CVE-2024-10839
|
2024-11-14 05:19 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
385
|
8.8 |
HIGH
Network
|
salesagility
|
suitecrm
|
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injecti…
Update
|
CWE-89
SQL Injection
|
CVE-2024-49772
|
2024-11-14 05:19 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
386
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or …
New
|
-
|
CVE-2024-42834
|
2024-11-14 05:15 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
387
|
- |
|
-
|
-
|
SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php
New
|
-
|
CVE-2024-40443
|
2024-11-14 05:15 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
388
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the adminname parameter.
New
|
-
|
CVE-2023-38920
|
2024-11-14 05:15 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
389
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payloa…
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2024-9632
|
2024-11-14 05:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
390
|
8.8 |
HIGH
Network
|
salesagility
|
suitecrm
|
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() fu…
Update
|
NVD-CWE-noinfo
|
CVE-2024-50333
|
2024-11-14 05:10 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
